<?php
	/**
	 *	Copyright (c) TeamFlamingo And gray 2004-2009
	 *	www.me-live.com.cn / www.i-gray.cn
	 *
	 *	[ WARNING ]
	 *		This is NOT a freeware!
	 *		You MUST get author's authorization before using it!
	 *	[ WARNING ]
	 *
	 *	Name : upload.inc.php / Development Code Evolve
	 *	Created / Modify : 2010-3-31 / --
	 */

	/**
	 *	NOTE	2010-3-31
	 *	仅做js与php上传测试
	 *	未完成
	 */
	include	'../init.php';
	if( !extension_loaded( 'memcache' ) )
	{
		$prefix = PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '';
		if( function_exists( 'dl' ) && @dl( "{$prefix}memcache." . PHP_SHLIB_SUFFIX ) )
			define( 'MEMCACHED_MODULE_LOADED', true );
		else
			define( 'MEMCACHED_MODULE_LOADED', false );
	}
	else
	{
		define( 'MEMCACHED_MODULE_LOADED', true );
	}

	include	ME_CORE . '/memcached.lib.php';
	include	ME_CORE . '/database.lib.php';
	include	ME_CORE . '/common.h.php';

	if( !isset( $_SERVER['HTTP_REFERER'] ) || !eregi( $_SERVER['SERVER_NAME'], $_SERVER['HTTP_REFERER'] ) )
	{
		//	[CH]	非法操作:直接访问或跨站提交
		//	[CH]	写入数据库并屏蔽该IP
		exit;
	}

	//	[CH]	判断用户是否已经登录
	isUserLogin();
	if( !$_SESSION['auth'] )
		exit;

	//	[CH]	定义变量
	$fileUploadDir	=	ME_APP . '/upload/attach/';

	//	[CH]	定义允许上传的文件大小和类型 --	临时变量
	//	[CH]	这个值可以设置成允许后台修改
	$maxFileSize	=	1024000;
	$fileType		=	array
	(
		'jpg', 'bmp', 'gif', 'txt', 'rar', 'zip', '7z', 'doc'
	);

	//	[CH]	定义错误信息
	$error			=	array
	(
		'null'		=>	"文件不存在",
		'ini_size'	=>	"文件大小不能超过{$maxFileSize}字节",
		'partial'	=>	"文件上传不完整，请重试",
		'form_size'	=>	"文件大小不能超过{$maxFileSize}字节",
		'unknown'	=>	"出现一个未知的错误，请重试",
		'type'		=>	"上传文件类型错误",
		'move'		=>	"移动临时文件错误，请重试"
	);

	if( isset( $_POST['uploadKeys'] ) && $_POST['uploadKeys'] == true )
	{
		if( isset( $_FILES['upload'] ) )
		{
			$ext	=	strtolower( getFileExtName( $_FILES['upload']['name'] ) );
			$id	=	getMeInt( $_POST['uploadKeys'] );

			if( !in_array( $ext, $fileType ) )
			{
				echo	fileUploadStatus( $id, $error['type'] );
				return	false;
			}

			$tempFileName	=	strtoupper( md5( time() ) ) . '.' . $ext;
			$uploadFileName	=	$fileUploadDir . $tempFileName;

			switch( $_FILES['upload']['error'] )
			{
				case	'1'	:
				case	UPLOAD_ERR_INI_SIZE	:
					echo	fileUploadStatus( $id, $error['ini_size'] );
				break;

				case	'2'	:
				case	UPLOAD_ERR_FORM_SIZE	:
					echo	fileUploadStatus( $id, $error['form_size'] );
				break;

				case	'3'	:
				case	UPLOAD_ERR_PARTIAL	:
					echo	fileUploadStatus( $id, $error['partial'] );
				break;

				case	'0'	:
				case	UPLOAD_ERR_OK	:
					if( move_uploaded_file( $_FILES['upload']['tmp_name'], $uploadFileName ) )
					{
						$html	=	'<a id="delFiles_' . $id . '" onclick="parent.editor.delAttachFile( this )">从列表删除</a> <a id="delFiles_' . $id . '" onclick="parent.editor.delAttachFile( this, 1 )" alt="' . $tempFileName . '">彻底删除</a> <a id="insertFiles_' . $id . '" onclick="parent.editor.insertToDoc( this )" alt="'. $tempFileName . '">插入到文档</a> ' . $tempFileName;
						echo	fileUploadStatus( $id, $html );
					}
					else
					{
						echo	fileUploadStatus( $id, $error['move'] );
					}
				break;

				default	:
					echo	fileUploadStatus( $id, $error['unknow'] );
				break;
			}
		}
	}

	return	false;
?>